<p>I'd recommend you sync the session lifetimes on the STS and the RP(s).</p>
<p>You can set the session lifetime to 10 minutes on the STS and 10 minutes on the RP and use the sliding session approach on the RP. After 10 minutes of inactivity both sessions would expire and the user should be required to re-authenticate.</p>
<p>If you have multiple RPs you could implement a form of keep-alive from the RP to the STS - e.g. load a resource from the STS in every webpage on the RPs. Whenever a page is loaded on an RP, the keep-alive resource would be loaded from the STS - refreshing the STS session. After 10 minutes of inactivity they would both time out and the user would have to re-authenticate.</p>
<p>"A resource from the STS" could mean a web page (Web Forms/MVC) loaded in an invisible iframe. The important thing is that it's a managed handler so the request is handled by ASP.NET.</p>
<p>As for your questions, if you sync the session lifetimes so they time out together:</p>
<ol>
<li>No, you don't need to add any code in the else clause. If the token is expired, WIF will redirect to the STS.</li>
<li>Just remove the else clause.</li>
<li>Let WIF handle this for you.</li>
</ol>
<p>For completeness, if you can't sync the session lifetimes you could trigger a federated sign-out when the RP session expires. The following snippet triggers a signout at the configured Issuer (STS). You could put this in the else clause to trigger a signout on the first request after the RP session expires:</p>
<pre><code>using System;
using System.IdentityModel.Services; //WIF 4.5

// Read the STS address from the configured WS-Federation issuer
var stsAddress = new Uri(FederatedAuthentication.FederationConfiguration.WsFederationConfiguration.Issuer);
WSFederationAuthenticationModule.FederatedSignOut(stsAddress, null); //Optional replyUrl set to null
</code></pre>
<p>Hope that helps!</p>
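The sliding session approach on the RP that the answer mentions, as an added example (not the answer author's code) for WIF 4.5. The 10-minute lifetime follows the answer; placing the handler in Global.asax.cs, the `ShouldReissue` helper and the half-lifetime renewal threshold are assumptions made for illustration.

```csharp
// Global.asax.cs on the RP (added example; WIF 4.5, System.IdentityModel.Services).
using System;
using System.IdentityModel.Services;
using System.IdentityModel.Tokens;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: matches the 10-minute session lifetime configured on the STS.
    static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(10);

    // Hypothetical helper: renew only once more than half the lifetime has elapsed,
    // so the session cookie is not rewritten on every single request.
    internal static bool ShouldReissue(DateTime validFrom, DateTime validTo, DateTime nowUtc)
    {
        if (nowUtc >= validTo) return false; // expired: leave it to WIF, which redirects to the STS
        DateTime halfway = validFrom.AddTicks((validTo - validFrom).Ticks / 2);
        return nowUtc > halfway;
    }

    // ASP.NET wires this handler to the SessionAuthenticationModule event by its name.
    void SessionAuthenticationModule_SessionSecurityTokenReceived(
        object sender, SessionSecurityTokenReceivedEventArgs e)
    {
        SessionSecurityToken token = e.SessionToken;
        DateTime now = DateTime.UtcNow; // ValidFrom/ValidTo are UTC

        if (!ShouldReissue(token.ValidFrom, token.ValidTo, now)) return;

        // Issue a fresh session token for the same principal with a new 10-minute window.
        SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
        e.SessionToken = sam.CreateSessionSecurityToken(
            token.ClaimsPrincipal, token.Context, now, now.Add(Lifetime), token.IsPersistent);
        e.ReissueCookie = true;
    }
}
```

Each renewal starts a new window, so a continuously active session never times out by itself; if an absolute maximum session age is required, it has to be enforced separately.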
 
